<?xml version="1.0" encoding="iso-8859-1" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content=
    "application/xhtml+xml; charset=iso-8859-1" />
    <title>
      Cyrus SASL-2.1.27
    </title>
    <link rel="stylesheet" type="text/css" href="../stylesheets/lfs.css" />
    <meta name="generator" content="DocBook XSL Stylesheets V1.79.1" />
    <link rel="stylesheet" href="../stylesheets/lfs-print.css" type=
    "text/css" media="print" />
  </head>
  <body class="blfs" id="blfs-9.1">
    <div class="navheader">
      <h4>
        Beyond Linux<sup>&#174;</sup> From Scratch <span class="phrase">(System
        V</span> Edition) - Version 9.1
      </h4>
      <h3>
        Chapter&nbsp;4.&nbsp;Security
      </h3>
    </div>
    <div class="sect1" lang="en" xml:lang="en">
      <h1 class="sect1">
        <a id="cyrus-sasl" name="cyrus-sasl"></a>Cyrus SASL-2.1.27
      </h1>
      <div class="package" lang="en" xml:lang="en">
        <h2 class="sect2">
          Introduction to Cyrus SASL
        </h2>
        <p>
          The <span class="application">Cyrus SASL</span> package contains a
          Simple Authentication and Security Layer, a method for adding
          authentication support to connection-based protocols. To use SASL,
          a protocol includes a command for identifying and authenticating a
          user to a server and for optionally negotiating protection of
          subsequent protocol interactions. If its use is negotiated, a
          security layer is inserted between the protocol and the connection.
        </p>
        <p>
          This package is known to build and work properly using an LFS-9.1
          platform.
        </p>
        <h3>
          Package Information
        </h3>
        <div class="itemizedlist">
          <ul class="compact">
            <li class="listitem">
              <p>
                Download (HTTP): <a class="ulink" href=
                "https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-2.1.27/cyrus-sasl-2.1.27.tar.gz">
                https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-2.1.27/cyrus-sasl-2.1.27.tar.gz</a>
              </p>
            </li>
            <li class="listitem">
              <p>
                Download MD5 sum: a33820c66e0622222c5aefafa1581083
              </p>
            </li>
            <li class="listitem">
              <p>
                Download size: 3.9 MB
              </p>
            </li>
            <li class="listitem">
              <p>
                Estimated disk space required: 26 MB
              </p>
            </li>
            <li class="listitem">
              <p>
                Estimated build time: 0.1 SBU
              </p>
            </li>
          </ul>
        </div>
        <h3>
          Cyrus SASL Dependencies
        </h3>
        <h4>
          Recommended
        </h4>
        <p class="recommended">
          <a class="xref" href="../server/db.html" title=
          "Berkeley DB-5.3.28">Berkeley DB-5.3.28</a>
        </p>
        <h4>
          Optional
        </h4>
        <p class="optional">
          <a class="xref" href="linux-pam.html" title=
          "Linux-PAM-1.3.1">Linux-PAM-1.3.1</a>, <a class="xref" href=
          "mitkrb.html" title="MIT Kerberos V5-1.18">MIT Kerberos
          V5-1.18</a>, <a class="xref" href="../server/mariadb.html" title=
          "MariaDB-10.4.12">MariaDB-10.4.12</a> or <a class="ulink" href=
          "http://www.mysql.com/">MySQL</a>, <a class="xref" href=
          "../general/openjdk.html" title=
          "OpenJDK-12.0.2">OpenJDK-12.0.2</a>, <a class="xref" href=
          "../server/openldap.html" title=
          "OpenLDAP-2.4.49">OpenLDAP-2.4.49</a>, <a class="xref" href=
          "../server/postgresql.html" title=
          "PostgreSQL-12.2">PostgreSQL-12.2</a>, <a class="xref" href=
          "../server/sqlite.html" title="SQLite-3.31.1">SQLite-3.31.1</a>,
          <a class="ulink" href=
          "https://stuff.mit.edu/afs/net.mit.edu/project/attic/krb4/">krb4</a>
          and <a class="ulink" href="http://dmalloc.com/">Dmalloc</a>
        </p>
        <p class="usernotes">
          User Notes: <a class="ulink" href=
          "http://wiki.linuxfromscratch.org/blfs/wiki/cyrus-sasl">http://wiki.linuxfromscratch.org/blfs/wiki/cyrus-sasl</a>
        </p>
      </div>
      <div class="installation" lang="en" xml:lang="en">
        <h2 class="sect2">
          Installation of Cyrus SASL
        </h2>
        <div class="admon note">
          <img alt="[Note]" src="../images/note.png" />
          <h3>
            Note
          </h3>
          <p>
            This package does not support parallel build.
          </p>
        </div>
        <p>
          Install <span class="application">Cyrus SASL</span> by running the
          following commands:
        </p>
        <pre class="userinput">
<kbd class="command">./configure --prefix=/usr        \
            --sysconfdir=/etc    \
            --enable-auth-sasldb \
            --with-dbpath=/var/lib/sasl/sasldb2 \
            --with-saslauthd=/var/run/saslauthd &amp;&amp;
make -j1</kbd>
</pre>
        <p>
          This package does not come with a test suite. If you are planning
          on using the GSSAPI authentication mechanism, test it after
          installing the package using the sample server and client programs
          which were built in the preceding step. Instructions for performing
          the tests can be found at <a class="ulink" href=
          "http://www.linuxfromscratch.org/hints/downloads/files/cyrus-sasl.txt">
          http://www.linuxfromscratch.org/hints/downloads/files/cyrus-sasl.txt</a>.
        </p>
        <p>
          Now, as the <code class="systemitem">root</code> user:
        </p>
        <pre class="root">
<kbd class="command">make install &amp;&amp;
install -v -dm755                          /usr/share/doc/cyrus-sasl-2.1.27/html &amp;&amp;
install -v -m644  saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-2.1.27      &amp;&amp;
install -v -m644  doc/legacy/*.html        /usr/share/doc/cyrus-sasl-2.1.27/html &amp;&amp;
install -v -dm700 /var/lib/sasl</kbd>
</pre>
      </div>
      <div class="commands" lang="en" xml:lang="en">
        <h2 class="sect2">
          Command Explanations
        </h2>
        <p>
          <em class=
          "parameter"><code>--with-dbpath=/var/lib/sasl/sasldb2</code></em>:
          This switch forces the <span class=
          "command"><strong>sasldb</strong></span> database to be created in
          <code class="filename">/var/lib/sasl</code> instead of <code class=
          "filename">/etc</code>.
        </p>
        <p>
          <em class=
          "parameter"><code>--with-saslauthd=/var/run/saslauthd</code></em>:
          This switch forces <span class=
          "command"><strong>saslauthd</strong></span> to use the
          FHS-compliant directory <code class=
          "filename">/var/run/saslauthd</code> for variable run-time data.
        </p>
        <p>
          <em class="parameter"><code>--enable-auth-sasldb</code></em>: This
          switch enables the SASLDB authentication backend.
        </p>
        <p>
          <code class="option">--with-dblib=gdbm</code>: This switch forces
          <span class="application">GDBM</span> to be used instead of
          <span class="application">Berkeley DB</span>.
        </p>
        <p>
          <code class="option">--with-ldap</code>: This switch enables the
          <span class="application">OpenLDAP</span> support.
        </p>
        <p>
          <code class="option">--enable-ldapdb</code>: This switch enables
          the LDAPDB authentication backend. There is a circular dependency
          with this parameter. See <a class="ulink" href=
          "http://wiki.linuxfromscratch.org/blfs/wiki/cyrus-sasl">http://wiki.linuxfromscratch.org/blfs/wiki/cyrus-sasl</a>
          for a solution to this problem.
        </p>
        <p>
          <code class="option">--enable-java</code>: This switch enables
          compiling of the <span class="application">Java</span> support
          libraries.
        </p>
        <p>
          <code class="option">--enable-login</code>: This option enables
          unsupported LOGIN authentication.
        </p>
        <p>
          <code class="option">--enable-ntlm</code>: This option enables
          unsupported NTLM authentication.
        </p>
        <p>
          <span class="command"><strong>install -v -m644 ...</strong></span>:
          These commands install documentation which is not installed by the
          <span class="command"><strong>make install</strong></span> command.
        </p>
        <p>
          <span class="command"><strong>install -v -dm700
          /var/lib/sasl</strong></span>: This directory must exist when
          starting <span class="command"><strong>saslauthd</strong></span> or
          using the sasldb plugin. If you're not going to be running the
          daemon or using the plugins, you may omit the creation of this
          directory.
        </p>
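        <p>
          The following check is an added example, not part of the BLFS
          instructions or the Cyrus SASL sources. It verifies that the
          directory created above still has mode 700 and that a
          <code class="filename">sasldb2</code> file inside it, if present,
          grants nothing to other users. The function names and the rule
          applied to the database file are assumptions of this example; GNU
          <span class="command"><strong>stat</strong></span> is assumed.
        </p>
<pre class="userinput">
```shell
#!/bin/sh
# Added example (not BLFS code): audit the SASL secret store's permissions.
# Assumes GNU coreutils stat(1), as on an LFS system.

# Print the octal mode of a path, e.g. 700.
mode_of() { stat -c '%a' "$1"; }

# sasl_perm_audit DIR
# Returns 0 when DIR is mode 700 and DIR/sasldb2 (if present) grants
# nothing to "other"; otherwise prints each finding and returns 1.
sasl_perm_audit() {
    dir=$1
    rc=0
    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir (saslauthd and the sasldb plugin need it)"
        return 1
    fi
    m=$(mode_of "$dir")
    if [ "$m" != "700" ]; then
        echo "WEAK: $dir is mode $m, expected 700"
        rc=1
    fi
    db=$dir/sasldb2
    if [ -f "$db" ]; then
        m=$(mode_of "$db")
        case $m in
            *0) ;;   # last octal digit 0: no access for "other"
            *)  echo "WEAK: $db is mode $m (world-accessible)"; rc=1 ;;
        esac
    fi
    return $rc
}

# Audit the path used on this page when called with --run
if [ "${1:-}" = "--run" ]; then sasl_perm_audit /var/lib/sasl; fi
```
</pre>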
      </div>
      <div class="configuration" lang="en" xml:lang="en">
        <h2 class="sect2">
          Configuring Cyrus SASL
        </h2>
        <div class="sect3" lang="en" xml:lang="en">
          <h3 class="sect3">
            <a id="cyrus-sasl-config" name="cyrus-sasl-config"></a>
          </h3>
          <h4 class="title">
            <a id="cyrus-sasl-config" name="cyrus-sasl-config"></a>Config
            Files
          </h4>
          <p>
            <code class="filename">/etc/saslauthd.conf</code> (for
            <span class="command"><strong>saslauthd</strong></span> LDAP
            configuration) and <code class=
            "filename">/etc/sasl2/Appname.conf</code> (where "Appname" is the
            application-defined name)
          </p>
        </div>
        <div class="sect3" lang="en" xml:lang="en">
          <h3 class="sect3"></h3>
          <h4 class="title">
            <a id="idm45779285627088" name=
            "idm45779285627088"></a>Configuration Information
          </h4>
          <p>
            See <a class="ulink" href=
            "https://www.cyrusimap.org/sasl/sasl/sysadmin.html">https://www.cyrusimap.org/sasl/sasl/sysadmin.html</a>
            for information on what to include in the application
            configuration files.
          </p>
          <p>
            See <a class="ulink" href=
            "file:///usr/share/doc/cyrus-sasl-2.1.27/LDAP_SASLAUTHD">file:///usr/share/doc/cyrus-sasl-2.1.27/LDAP_SASLAUTHD</a>
            for configuring <span class=
            "command"><strong>saslauthd</strong></span> with <span class=
            "application">OpenLDAP</span>.
          </p>
          <p>
            See <a class="ulink" href=
            "https://www.cyrusimap.org/sasl/sasl/gssapi.html#gssapi">https://www.cyrusimap.org/sasl/sasl/gssapi.html#gssapi</a>
            for configuring <span class=
            "command"><strong>saslauthd</strong></span> with <span class=
            "application">Kerberos</span>.
          </p>
        </div>
        <div class="sect3" lang="en" xml:lang="en">
          <h3 class="sect3">
            <a id="cyrus-sasl-init" name="cyrus-sasl-init"></a>
          </h3>
          <h4 class="title">
            <a id="cyrus-sasl-init" name="cyrus-sasl-init"></a><span class=
            "phrase">Init Script</span>
          </h4>
          <p>
            If you need to run the <span class=
            "command"><strong>saslauthd</strong></span> daemon at system
            startup, install the <code class=
            "filename">/etc/rc.d/init.d/saslauthd</code> init script included
            in the <a class="xref" href="../introduction/bootscripts.html"
            title="BLFS Boot Scripts">blfs-bootscripts-20191204</a> package
            using the following command:
          </p>
          <pre class="root">
<kbd class="command">make install-saslauthd</kbd>
</pre>
          <div class="admon note">
            <img alt="[Note]" src="../images/note.png" />
            <h3>
              Note
            </h3>
            <p>
              You'll need to edit <code class=
              "filename">/etc/sysconfig/saslauthd</code> and set the
              <code class="option">AUTHMECH</code> parameter to your
              desired authentication mechanism.
            </p>
          </div>
        </div>
      </div>
      <div class="content" lang="en" xml:lang="en">
        <h2 class="sect2">
          Contents
        </h2>
        <div class="segmentedlist">
          <div class="seglistitem">
            <div class="seg">
              <strong class="segtitle">Installed Programs:</strong>
              <span class="segbody">pluginviewer, saslauthd,
              sasldblistusers2, saslpasswd2 and testsaslauthd</span>
            </div>
            <div class="seg">
              <strong class="segtitle">Installed Library:</strong>
              <span class="segbody">libsasl2.so</span>
            </div>
            <div class="seg">
              <strong class="segtitle">Installed Directories:</strong>
              <span class="segbody">/usr/include/sasl, /usr/lib/sasl2,
              /usr/share/doc/cyrus-sasl-2.1.27 and /var/lib/sasl</span>
            </div>
          </div>
        </div>
        <div class="variablelist">
          <h3>
            Short Descriptions
          </h3>
          <table border="0" class="variablelist">
            <colgroup>
              <col align="left" valign="top" />
              <col />
            </colgroup>
            <tbody>
              <tr>
                <td>
                  <p>
                    <a id="pluginviewer" name="pluginviewer"></a><span class=
                    "term"><span class=
                    "command"><strong>pluginviewer</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    is used to list loadable SASL plugins and their
                    properties.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="saslauthd" name="saslauthd"></a><span class=
                    "term"><span class=
                    "command"><strong>saslauthd</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    is the SASL authentication server.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="sasldblistusers2" name=
                    "sasldblistusers2"></a><span class="term"><span class=
                    "command"><strong>sasldblistusers2</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    is used to list the users in the SASL password database
                    <code class="filename">sasldb2</code>.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="saslpasswd2" name="saslpasswd2"></a><span class=
                    "term"><span class=
                    "command"><strong>saslpasswd2</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    is used to set and delete a user's SASL password and
                    mechanism specific secrets in the SASL password database
                    <code class="filename">sasldb2</code>.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="testsaslauthd" name=
                    "testsaslauthd"></a><span class="term"><span class=
                    "command"><strong>testsaslauthd</strong></span></span>
                  </p>
                </td>
                <td>
                  <p>
                    is a test utility for the SASL authentication server.
                  </p>
                </td>
              </tr>
              <tr>
                <td>
                  <p>
                    <a id="libsasl2" name="libsasl2"></a><span class=
                    "term"><code class="filename">libsasl2.so</code></span>
                  </p>
                </td>
                <td>
                  <p>
                    is a general purpose authentication library for server
                    and client applications.
                  </p>
                </td>
              </tr>
            </tbody>
          </table>
        </div>
      </div>
      <p class="updated">
        Last updated on 2020-02-17 12:03:00 -0800
      </p>
    </div>
  </body>
</html>
